* Posts by Povl H. Pedersen

46 publicly visible posts • joined 23 Aug 2017

US defense forces no match for the unstoppable fiend known as Reply-All

Povl H. Pedersen

Why were all recipients visible in the first place?

This would be illegal in civilized countries, and against OpSec in most countries.

BCC exists for a reason, but I know that Microsoft is hiding it. But people sending out mass mails should be taught. Or, as they do in the military, promoted to the level where he does the least possible damage.

The world was promised 'cloud magic'. So much for that fairy tale

Povl H. Pedersen

Cloud must be used right

Cloud must be used right.

Any VM / lift&shit you buy will be way more expensive in the cloud. We used to say 8 hours/day was the break-even point and if your on-prem hardware lasts over 3 years, it was even less you could afford to run cloud.

But, some cloud services make sense. Running scalable cloud apps, databases etc. And you should be aware what you get included. You don't need anybody maintaining the stuff below.

But infrastructure as a service is bad.

UK tribunal: App Store class action seeking up to $1.8b can continue

Povl H. Pedersen

Re: How did they come up with that value

Most users have NOT spent money in the App Store.

If 15% is fair, then everybody could get 15% of their purchases back - limited by expiration of the claim.

And if 15% is fair, we need the same everywhere. Microsoft Store, Epic Store, PlayStation Store etc. Personally I think it is dangerous to set a rate.

If developers are not happy, they just drop the Apple app store. And Apple will come to them if they want the product on the shelves.

Marriott Hotels admits to third data breach in 4 years

Povl H. Pedersen

Wrong architecture.

If you have as many locations as hotels, with frequent employee replacement, there is only one great solution.

That is the classic architecture. Some call it Mainframe, others call it Citrix/Terminal Server (with no Internet access from the remote desktop), yet others call it WebApps.

There is NO reason why huge amounts of data should exist in a hotel branch, no way it should be exportable to a USB drive in a hotel near Kremlin. They are handling GDPR personal data, even sensitive data in some cases.

The only people who should have access to bulk data are IT staff at a central location, whose access is limited with MFA, preferably good MFA (YubiKey or equivalent).

Thus wrong design causes huge data loss through a low-level employee. Nothing new here. But I think the EU should fine them 4% of their global turnover since it keeps happening; there clearly are not sufficient technical or organizational means in place, despite 2 earlier warnings.

The wild world of non-C operating systems

Povl H. Pedersen

Old stuff

Macintosh OS 1.0 to 7.x was written in Pascal, and all interfaces were Pascal, no matter what programming language you used.

OS X was a brand new OS.

In the early 1980s I wanted the white Forth computer; it looked like a ZX-81½ but with rubber keys, like they later came to the ZX Spectrum.

I doubt the ZX-81 with its 1kb of RAM had a C-based OS.

I have been programming in assembler, BCPL, C, C++, Pascal, Modula-2 and many more. I think I was introduced to Oberon at university. But programming languages come and go. C has stuck around forever.

In the graveyard of good ideas, how does yours measure up to these?

Povl H. Pedersen

You are clueless

Oat (roasted oat) with a bit of sugar and cold milk is pretty popular in places. I have eaten it on an almost daily basis for 50+ years.

Using heat to break down the good stuff is no good. Let the stomach have something harder to digest to work with. It is actually pretty healthy.

Where are the (serious) Russian cyberattacks?

Povl H. Pedersen

Cyberattack = real attack

NATO considers a cyberattack on critical infrastructure as a real attack, that invokes paragraph 5 of NATO.

So that would be a war declaration against NATO.

But I think that Russia does not really have the capabilities they thought. Not hackers, and certainly not a good army.

Apple seeks patent for 'innovation' resembling the ZX Spectrum, C64 and rPi 400

Povl H. Pedersen

Truly amazing patent

Can't people see it? This is a completely new invention.

All former works have had a frame or something making the computer define the desktop space needed.

This is completely different, here it is the desktop space of the keyboard that limits the computer size.

I still have my ZX81, it had like 40% of the desktop area behind/above the keyboard. That could be saved with the new Apple patent.

This is new true magic :-)

Beware the techie who takes things literally

Povl H. Pedersen

You get what you pay for

See subject

IBM looked to reinvigorate its 'dated maternal workforce'

Povl H. Pedersen

IBM - Inexperienced with Bad Management

IBM - Inexperienced with Bad Management - That is what they want to be.

It is not old age that is a problem, it is management.

If you keep the old guy doing the same thing day after day, that is what he gets good at doing.

If the old guy has been problem solving each and every day, he is way better at that than people who have only 10 years experience.

IMHO experience is not to be underrated in IT. Or the bad influence of bad managers. There are few leaders out there, and many bosses and managers. And the bosses are not needed anywhere with educated staff. They can shout at recruits.

Spot the irony: India's Reserve Bank says outsourcing and offshoring are risky

Povl H. Pedersen

Indians too expensive ?

I expect the Indians have become too expensive for Indian banks.

When they are in competition with the rest of the world, they have to pay the same prices as American companies.

So of course they will outsource and enjoy all the struggle with communications, outsourcing employees costing half but spending 10 times as many hours etc.

All managers know it is better to pay 10 hours @ $20/hour for low quality than 2 hours at $50/hour for good quality. That is why they outsource in the first place. But they think that since IT is moving so slow, they save paying for all the idle time.

But why that VPN? How WireGuard made it into Linux

Povl H. Pedersen


I think one important reason for WireGuard existing in the first place is that the Raspberry Pi series are one of the few ARM boards that do NOT do hardware crypto. So WireGuard was written to get decent VPN performance on the RPi.

I use TV boxes instead, cheaper, faster, and with built-in MMC memory. And they can do hardware crypto, so no reason for me to sacrifice 1 CPU core for VPN when I can run it in hardware crypto.

WG was not written to negotiate encryption algo.

WG has its place. I use it in containers. But it is wasted if you have hardware crypto.

Spar shops across northern England shut after cyber attack hits payment processing abilities

Povl H. Pedersen

Re: Cash Is King

The problem is not credit cards. It is arcane payment terminals from the middle ages that are used in the UK.

In modern countries, the payment terminals can work in offline mode for at least a few thousand transactions. Of course there is a risk that payment will then be declined, but that is a risk that the store likely wants to take if the alternative is losing business altogether.

Stony-faced Google drags Android Things behind the cowshed. Two shots ring out

Povl H. Pedersen


The ESP-01 .. ESP32 series of boards are a fantastic IoT platform.

Typically used with Arduino, since there is nothing out there that just blows it away.

IoT is not big boards like the Pi. It is small boards, limited RAM, limited CPU (the ESP8266 is 80 MHz though).

We do not need anything like Android for that. Not sure if something Minix/Linux-like would even work. For the slow CPUs (Arduino), interrupts are used for data, not context switch, and for timing, every single CPU cycle counts. Just like the old days.

Python swallows Java to become second-most popular programming language... according to this index

Povl H. Pedersen

Re: Sin tax

It is easy to learn, forces some indentation and stuff.

To me it is just another programming language, with its own HUGE set of modules/libraries. As OP wrote, the library is often a big help.

I have written a few small programs from scratch in Python, modified others.

Before Python, Perl was the language with the huge library of modules. Never felt other languages had quite as easy and centralized a module library as these two.

Java I never really got to like, despite having written quite a bit of code in it back in the days.

Microservices guru says think serverless, not Kubernetes: You don't want to manage 'a towering edifice of stuff'

Povl H. Pedersen

Cloud or not

Cloud has many advantages.

The biggest advantage is that it is not a headcount item, so you can not downsize management of the servers. Servers do get patched. No FUD can delay that. Bad code will break, but you have to adapt. Inside company walls - own servers - you would be forced to roll back.

But it is expensive, comes with very little support. But usually runs better than self-maintained.

I like cloud for many reasons, but there are also risks associated with it. You have to compare internal operations risks vs cloud operations + cloud risks.

Many companies outsource or go cloud because they can not get qualified staff to run things on-site. DevOps (the new word for the classic sysadm) people are a rarity.

Please stop hard-wiring AWS credentials in your code. Looking at you, uni COVID-19 track-and-test app makers

Povl H. Pedersen

Passwords ?

No good app will have passwords.

It will at best have API keys that are hardwired, and likely changed for each release so they can be used to track releases in use.

The good thing with API keys is that they are applied before user validation, and before users get their access token, giving them access to only their own data.

And you can block API keys, so basically killing 1 version of the software only. Or throttle them. Or other interesting things.

Anything looking like a university should be aware, and do things the right way.

My life as a criminal cookie clearer: Register vulture writes Chrome extension, realizes it probably breaks US law

Povl H. Pedersen

EU law

EU law prevents them from setting the cookies in the first place without consent. So say no to tracking cookies instead. Or sue them if that does not work.

Better attack than defend

Stinker, emailer, trawler, spy: How an engineer stole top US chip designs, smuggled them to China to set up a rival fab

Povl H. Pedersen

Security Clearance

I think in many places, there is a security clearance needed. Maybe the companies who lost the data here were not defence contractors, and thus were not required to get a security clearance.

Maybe the FBI / NSA gave them a security clearance.

Remember when we warned in February Apple will crack down on long-life HTTPS certs? It's happening: Chrome, Firefox ready to join in, too

Povl H. Pedersen

Everybody follows the minority player

Again, everybody follows the small marketshare player Apple.

They sell less than 15% of all smartphones, yet are considered a monopoly. I guess they redefined what monopoly means :-)

Now, when will we get warnings in Windows about clipboard snooping? Something Apple will warn about in next gen OS-X and iOS.

C is for 'Careful now', D is for 'Download surprise': Microsoft to resurrect optional Windows 10 updates as 'Previews'

Povl H. Pedersen


Oh, I thought AD RM was ReMove Active Directory?

Maybe Microsoft did too, and wanted to remove the threat.

If you're despairing at staff sharing admin passwords, look on the bright side. That's CIA-grade security

Povl H. Pedersen

Re: Numpties, the lot of 'em.

They used Cyber because Super was already taken, and Cyber sounds a bit more middle eastern.

Splunk to junk masters and slaves once a committee figures out replacements

Povl H. Pedersen

Swedish situation

The US is trying to end up in a Swedish situation.

To not make difference between people is pure socialism.

BlackLivesMatter are racists because they use skin color to promote their case. They should change their slogan to "All LivesMatter", and put action behind it, instead of meeting at virus spread meetings.

Smart fridges are cool, but after a few short years you could be stuck with a big frosty brick in the kitchen

Povl H. Pedersen

There is a reason why there are many of us who try to un-cloudify our products.

My Xiaomi is cloudless thanks to Valetudo.

All Zigbee devices are controlled through zigbee2mqtt.

All WiFi switches run Tasmota if they do not natively support MQTT.

My Visonic alarm system is networkable thanks to a $4 serial to Ethernet module and not the $250 cloud bridge.

And everything is controlled by Home Assistant.

Latvian drone wrests control from human overlords and shuts down entire nation's skies

Povl H. Pedersen


In case of comms lost, it likely has an emergency procedure. A few years ago, drones always entered into RTC mode (Return to China).

So look east, likely somewhere into Russia.

Still do not understand why loss of radio would cause loss of drone. As I would see it, it would either return to launch point, a preprogrammed coordinate set (maybe (0,0) if not set), or continue its operation for 90 hours, but then they would know where it is. Assume it lost GPS, then it should have another fallback option. Say land, continue straight ahead as best as it can using gyros, or maybe pop up to a safe altitude before doing so.

They need eyes in the skies and ground search radar.

As Brit cyber-spies drop 'whitelist' and 'blacklist', tech boss says: If you’re thinking about getting in touch saying this is political correctness gone mad, don’t bother

Povl H. Pedersen

Astronomy next

We all know that once you get in the vicinity of a BLACK hole, you do not escape before you are WHITE (Supernova).

You're not fooling anyone on that vid-conference call: Walmart says shirt sales soaring, pants not pulled up

Povl H. Pedersen

Not new

See the Danish reporter here, Jesper Steinmetz. Full suit on top, reporting from the lawn in front of the White House.

As for trousers and footwear, see the image at the top of the article.


Admins beware! Microsoft gives heads-up for 'disruptive' changes to authentication in Office 365 email service

Povl H. Pedersen

To get customers

This is to get customers for AzureAD.

The great secret here is that app passwords completely bypass any OAuth2 requirement, MFA etc.

Whatever filtering you create, app passwords just bypass it, at least until Team Evil gets users to create one for them :-)

Even better than getting user consent in 3 clicks.

Quick, get the popcorn: Amazon Web Services says Microsoft's benchmarks for Azure are a load of stripe

Povl H. Pedersen

Enterprise users on O365 will know that Microsoft is about 1000% slower than anything they have used before :-)

But I guess we only get the leftover cycles from customers paying for those.

So you locked your backups away for years, huh? Allow me to introduce my colleagues, Brute, Force and Ignorance

Povl H. Pedersen


In the 80s, I worked as a student at the campus Apple center, and later at the big Apple center in town.

We had hard disk issues as well. The Sony 20MB used in the Macintosh SE/30 had lubrication that got thicker over time. So at some point, you could not let the computer stay without power over the weekend, or it would not boot Monday morning.

The first troubleshooting step was to try to turn the whole computer 180 degrees back and forth more or less around the center of the hard drive. If that did not work, open the computer, out with the disk, and then in one hand twist it back and forth almost like making a milkshake. Then try to boot again.

It is unbelievable how many customers continued with the defective disk instead of just buying a new one. But SCSI disks were expensive at that time. And if not powered off, they could run for decades.

Rockstar dev debate reopens: Hero programmers do exist, do all the work, do chat a lot – and do need love and attention from project leaders

Povl H. Pedersen


There are the ego type Rockstars, that get their own isolated parts of the system, as nobody wants to work with them. They are not really rockstars.

To me the Rockstar has a fanbase among the other developers; he is the one people come to and ask for advice, and use for sparring about new ideas. He is the one that will actually help the team as a whole, and communication is part of this. In a pure nerd group, comms is different than in a mixed skills group.

It's always DNS, especially when you're on holiday with nothing but a phone on GPRS

Povl H. Pedersen

Current workplace has servicedesk people on duty 24/7.

People with knowledge are not on call. BUT, if things go wrong, they will start calling managers, who then have to try to contact their employees. For now, there has always been someone who could help. And we are good at finding hacks to get things running until the right persons are available.

I have been guiding people over the phone from holidays in Italy. But I never bring a PC on holidays, so people can not expect more than that. And if it is work, I will usually answer only when it is convenient. So I mostly get SMS messages telling me to read mail.

BTW: After the on-call fees were suspended, all systems started to run much better during the night. Now the people responsible did not want to get disturbed anymore.

Class-action sueball over refurbed iThings will ask Apple what 'as good as new' means

Povl H. Pedersen

Apple lost in Denmark

Apple lost court case in Denmark some years back. They can not repair with used parts, and can not use refurbished phones for warranty replacement.

They will have to repair with new parts, or give you a replacement with only new parts aka new device.

Not all companies are happy about this. But when my Polar watch had issues, I got factory new electronics, in my scratched case. My running watch before that was a Garmin, where 3 refurbished replacements all had issues.

But in Denmark Apple supplies factory new replacement units.

For real this time, get your butt off Python 2: No updates, no nothing after 1 January 2020

Povl H. Pedersen

Java popular ?

How can you call Java popular? Have you talked to a Java programmer recently?

You might say it is one of the 3 most widespread languages (like diseases can be spread). But popular is a complete misconception.

For all who do not know, in 9 out of 10 cases AI stands for A-lot-of-Indians. They are cheaper to train, use way less power, and generate results of the same quality as household AI available for decent money. It is real intelligence to substitute Indians for CPU.

World recoils in horror as smartphone maker accused of helping government snoops read encrypted texts, track device whereabouts

Povl H. Pedersen


Uganda has authorities that spy on people. I worked there for some months 20 years ago, when a shared 64kbit wireless high latency connection was great.

After I got home, I was actually approached by somebody who wanted to recruit me to do hacking and spying on behalf of the politicians / secret police units.

I contacted my home intelligence service, and was told that I could take the contract if I wanted, as this was not targeting NATO or our citizens. I decided against it. So yeah, most governments outside Western Europe spy on their citizens.

J'accuse! Amazon's Rekognition reckons 1 in 5 Californian lawmakers are crims in ACLU test

Povl H. Pedersen

Re: Amazon's Rekognition system wrongly matched one in five Californian politicians with images

99%? That is just like the accuracy of policemen in the US.

99% of the bullets fired miss the target, and only 1% hits.

If the target is hit, he is by definition guilty of something that warranted his shooting. The US should start forbidding unjust force.

Drone fliers are either 'clueless, careless or criminal' says air traffic gros fromage

Povl H. Pedersen

Re: How high?

I live in Denmark, and the law is there to protect the general public from danger, and the new thing is privacy.

We have a 5km NFZ around airports, 8km around military airports (they tend to fly a bit lower with jets). We can fly up to 100m outside cities, planes can go down to 150m, so 50m separation if everybody pushes it to the limit. 2km distance to medic heliports (typically at hospitals). 150m away from buildings, parks/beaches near built-up areas, larger roads (defined as speed limit 70 km/h or more), railways, traffic accidents, nature preserves etc. 50m away from non-spectating people, ships etc.

For indoor shows, there must be sufficient protection of spectators.

Rules are simple, a license is £2.00. Drones must be marked with owners registration number, name and phone number. And you must have insurance.

Take my bits awaaaay: DARPA wants to develop AI fighter program to augment human pilots

Povl H. Pedersen

Predictable ?

How can they even come up with an idea that evasive maneuvers should be predictable?

Anything predictable is the easiest to attack and kill. It should be completely unpredictable and crazy. It should be a surprise to any opponent or foreign AI (which usually means Alotof Indians).

The algorithms should be the most secret in the world, so will usually be outsourced to a contractor with development offices in Ukraine, Russia, India or China.

Now here's a Galaxy far, far away: Samsung stalls Fold rollout after fold-able screens break in hands of reviewers

Povl H. Pedersen

Apple was first

Apple was first with the foldable telephone that broke the screen.

Look back at iPhone 6 and #bendgate.

Samesong is just soo late at copying Apple failures.

South Korea reckons mystery hackers cracked open advanced weapons servers

Povl H. Pedersen

North Korea is supported by China, so anything stolen by North Korea will likely end up in China as well.

Which? That smart home camera? The one with the vulns? Really?

Povl H. Pedersen

Re: It's all relative

There is likely one secure solution out there, in the cheaper price range.

It is called Raspberry Pi ZeroW + camera.

Closed source solutions are crap, I have them, but on independent VLAN, and with no Internet access.

We need more open source cams. Most Chinese cams are running Linux anyway, so it would be trivial for the vendors to publish specs on the DSP and camera hardware, and thus let us create open firmware.

The first to do it would get lots of business, but likely would suffer from customers not upgrading their crap as fast.

Things that make you go hmmm: Do crypto key servers violate GDPR?

Povl H. Pedersen

How about blockchain

If somebody posts personal data about John Johnson on the blockchain, say for Bitcoin, how can John Johnson get it deleted? This is also not possible.

I heard rumors that somebody who dislikes Bitcoin at some point uploaded a child pornographic image to the blockchain, basically making the blockchain illegal material in most countries. Could have been a government actor.

Latest F-35 flight tests finish – and US stops accepting new jets

Povl H. Pedersen


I still do not understand why all engines will have to be serviced in the country that is now Russia's best friend. That alone is a risk. But maybe they can deliver the worst job at the lowest price?

Don't have critical stuff done south of the Alps; it is just as bad as Americans having things done south of the border.

Must have been decided by Mr. Donald himself.

US spanks EU businesses in race to detect p0wned servers

Povl H. Pedersen


GDPR gives you 4 days to contact authorities after you have VERIFIED that a breach has taken place. There is no penalty for being slow to detect, or reading about your breach in media.

GDPR is mostly an exercise in getting documentation and processes in place, and very little about necessary technical controls.

Cloudflare touts privacy-friendly public DNS service. Hmm, let's take a closer look at that

Povl H. Pedersen

conflict

I have actually seen many capture-portals on WiFi redirecting users to

Not sure if this will be a problem, or if the routing will work correctly after accepting the WiFi terms & conditions.

Apple iCloud Keychain easily slurped by cops, ElcomSoft claims

Povl H. Pedersen

Big problem

NOT. To get access to the keychain you need:

iCloud username and password

and a verified device with 2FA.

Then you can get access to the keychain.

The only thing you bypass is really the local device password of the device having keychain access. Is this a problem? Not really, but it means I will take my non-password protected iPad that the children use, and move it to a family account.